How to close high-risk ports to stay away from threats

Source: Internet
Author: User
Tags: ftp client, file transfer protocol

View local open ports

How to disable high-risk ports

1. System-reserved ports (0 to 1023)

These ports are reserved and should not be used by ordinary applications. Each has a fixed definition and corresponds to a common Internet service, so every open port represents a system service: for example, port 80 represents the Web service, 21 corresponds to FTP, 25 to SMTP, 110 to POP3, and so on.

2. Dynamic ports (1024 to 65535)

When you need to communicate with another host, Windows allocates a dynamic port to the local machine, starting from 1024. If port 1024 is already in use when you need a port, port 1025 is allocated instead, and so on.

However, some system services are bound to ports in the range 1024 to 49151, such as port 3389 (Remote Terminal Service). Ports 49152 to 65535 are usually not bound to system services, so Windows can allocate them dynamically.

How to check which ports are open on the local machine:

By default, Windows opens many "service ports". To check which ports are open on the local machine and which computers are connected to it, use the netstat command, which Windows provides to display the current TCP/IP network connections. Note: the netstat command is available only when the TCP/IP protocol is installed.

Operation method: click Start > Run, type cmd and press Enter to open a command prompt. Enter the command netstat -na and press Enter to display the local connection status and the open ports. Local Address shows the local IP address and the port number in use; Foreign Address shows the IP address and port number of the remote computer; State shows the current TCP connection status, where LISTENING means the port is listening and waiting for a connection from a remote computer.
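The netstat check above can be scripted. The following PowerShell script is an added example, not part of the original article: it inventories every listening TCP and UDP socket together with its owning process and flags the ports this article goes on to discuss. It assumes Windows 8 / Server 2012 or later (the NetTCPIP module that provides Get-NetTCPConnection and Get-NetUDPEndpoint) and an elevated prompt so that the owning process of each socket is visible; the $HighRiskPorts table is constructed from the port list in this article.

```powershell
# Added example (not part of the original article): inventory the local listening
# ports and flag the ones this article calls high-risk. Assumes Windows 8 /
# Server 2012 or later (Get-NetTCPConnection / Get-NetUDPEndpoint) and an elevated
# PowerShell prompt so the owning process of every socket is visible.

# Ports discussed in the article, keyed by protocol (constructed from the text).
$HighRiskPorts = @{
    TCP = @{ 21='FTP'; 23='Telnet'; 25='SMTP'; 53='DNS'; 135='RPC/DCOM';
             139='NetBIOS session'; 445='SMB'; 3389='Remote Desktop' }
    UDP = @{ 53='DNS'; 123='Windows Time (NTP)'; 137='NetBIOS name';
             138='NetBIOS datagram'; 1900='SSDP (UPnP)' }
}

function Get-ListeningEndpoint {
    # Returns one object per listening socket: protocol, address, port, process, risk label.
    $tcp = Get-NetTCPConnection -State Listen | ForEach-Object {
        [pscustomobject]@{ Protocol='TCP'; LocalAddress=$_.LocalAddress;
                           LocalPort=$_.LocalPort; PID=$_.OwningProcess }
    }
    $udp = Get-NetUDPEndpoint | ForEach-Object {
        [pscustomobject]@{ Protocol='UDP'; LocalAddress=$_.LocalAddress;
                           LocalPort=$_.LocalPort; PID=$_.OwningProcess }
    }
    foreach ($ep in @($tcp) + @($udp)) {
        $proc = Get-Process -Id $ep.PID -ErrorAction SilentlyContinue
        # LocalPort is a UInt16; cast to int so it matches the int keys in the table.
        $risk = $HighRiskPorts[$ep.Protocol][[int]$ep.LocalPort]
        [pscustomobject]@{
            Protocol     = $ep.Protocol
            LocalAddress = $ep.LocalAddress
            LocalPort    = $ep.LocalPort
            ProcessName  = if ($proc) { $proc.ProcessName } else { "(pid $($ep.PID))" }
            HighRisk     = if ($risk) { $risk } else { '' }
        }
    }
}

# Full listing with the flagged ports first, then a one-line summary.
$endpoints = Get-ListeningEndpoint |
    Sort-Object @{ Expression = { $_.HighRisk -eq '' } }, Protocol, LocalPort
$endpoints | Format-Table -AutoSize

$flagged = @($endpoints | Where-Object { $_.HighRisk -ne '' })
if ($flagged.Count -gt 0) {
    $list = ($flagged | ForEach-Object { "$($_.Protocol)/$($_.LocalPort) ($($_.HighRisk))" }) -join ', '
    Write-Warning ("{0} high-risk port(s) are listening: {1}" -f $flagged.Count, $list)
} else {
    Write-Host 'None of the high-risk ports from the article are listening.'
}
```

On an older system without the NetTCPIP module, netstat -nao gives the same information (the -o switch adds the owning process ID), which can be matched against Get-Process by hand.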

Port 21

Port description: port 21 is mainly used for the FTP (File Transfer Protocol) service. FTP is used to upload and download files between two computers; one acts as the FTP client and the other as the FTP server. You can log on to the FTP server either anonymously or with an authorized user name and password. Operation suggestion: if you have not set up an FTP server, we recommend that you disable port 21. How to disable: disable the FTP Publishing Service.

Port 23

Port 23 is mainly used for the Telnet (remote logon) service and is also the default port of the TTS (Tiny Telnet Server) Trojan. How to disable: Start > Settings > Control Panel > Administrative Tools > Services > double-click Telnet > Service status: Stop; Startup type: Disabled.

Port 25

Port description: port 25 is used by SMTP (Simple Mail Transfer Protocol). If you do not intend to set up an SMTP mail server, you can disable this port. How to disable: disable the Simple Mail Transport Protocol (SMTP) service.

Port 53

Port 53 is opened by DNS (Domain Name Server) servers and is mainly used for domain name resolution. If the current computer is not used to provide a domain name resolution service, we recommend that you disable this port. How to disable: disable the DNS Client service.

UDP port 123

Click Start > Settings > Control Panel, double-click Administrative Tools > Services, and stop the Windows Time service. Disabling UDP port 123 prevents some worms. Suggestion: disable.

Port 135

Port 135 is mainly used by the Remote Procedure Call (RPC) protocol and provides the DCOM (Distributed Component Object Model) service. RPC lets a program running on one computer execute code on a remote computer.

Close method:

1. Change the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM to "N".

2. Delete "ncacn_ip_tcp" from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\DCOM Protocols.

3. Start > Settings > Control Panel > Administrative Tools > Services: disable the Distributed Transaction Coordinator service.

Ports 137 and 138

Ports 137 and 138 are UDP ports and are used when files are transferred through Network Neighborhood. Because they are UDP ports, attackers can easily obtain information about the target computer by sending requests; some of that information can be exploited directly after analysis, such as details of IIS services. In addition, by capturing packets that are using port 137 for communication, an attacker may also learn the start and shutdown times of the target computer and then use a dedicated tool to attack it. Method of disabling: Network Neighborhood properties > Local Area Connection properties, uncheck "File and Printer Sharing for Microsoft Networks" and "Client for Microsoft Networks".

Port 139

Port 139 is provided for the NetBIOS Session Service and is mainly used for Windows file and printer sharing and for the Samba service on Unix. To share files in a LAN in Windows, you must use this service. Although enabling port 139 provides shared services, it is often exploited by attackers, who launch attacks by scanning port 139 of the target computer with a dedicated scanning tool; if a vulnerability is found, they try to obtain user names and passwords, which is very dangerous. If you do not need to provide file and printer sharing, we recommend that you disable this port. Method of disabling: Network Neighborhood properties > Local Area Connection properties > Internet Protocol properties > Advanced, and select "Disable NetBIOS over TCP/IP".

Port 445

Port 445 is used for file and printer sharing, which is also a relatively vulnerable area. If you do not need sharing, you can disable it. Close method: click Start > Run, enter regedit, and in the registry editor window find HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT\Parameters in the left pane. Right-click the blank area in the right pane, select New > DWORD Value, name the new DWORD SMBDeviceEnabled, and leave its value at the default 0.
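The registry steps given for port 135 (EnableDCOM, the DCOM Protocols list) and for port 445 (SMBDeviceEnabled) can be applied from PowerShell. The script below is an added example, not part of the original article: it exports each affected key before changing it, applies the three values the article names, and prints the result so it can be checked before rebooting. The key paths and value names are the ones in this article; the backup folder under the system drive and the use of an elevated prompt are assumptions. Turning off DCOM and the SMB device stops all software that depends on them (including remote WMI and every file share), so test on a non-production machine first.

```powershell
# Added example (not part of the original article): apply the article's registry
# changes for port 135 (DCOM/RPC) and port 445 (SMB over TCP), exporting the affected
# keys first so they can be restored with 'reg import'. Requires an elevated prompt
# and a reboot. Key paths and value names come from the article; the backup folder
# is an assumption.

$BackupDir = Join-Path $env:SystemDrive 'PortHardeningBackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

function Backup-RegistryKey {
    param([string]$Key, [string]$Name)
    # reg.exe export writes a .reg file that 'reg import <file>' can restore.
    $file = Join-Path $BackupDir "$Name.reg"
    & reg.exe export $Key $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $Key failed" }
    Write-Host "Backed up $Key to $file"
}

# 1. Port 135: turn off DCOM (EnableDCOM = "N").
$ole = 'HKLM:\SOFTWARE\Microsoft\Ole'
Backup-RegistryKey -Key 'HKLM\SOFTWARE\Microsoft\Ole' -Name 'Ole'
Set-ItemProperty -Path $ole -Name 'EnableDCOM' -Value 'N' -Type String

# 2. Port 135: remove the TCP transport from the DCOM protocol list.
#    "DCOM Protocols" is a REG_MULTI_SZ value; keep every entry except ncacn_ip_tcp.
$rpc = 'HKLM:\SOFTWARE\Microsoft\Rpc'
Backup-RegistryKey -Key 'HKLM\SOFTWARE\Microsoft\Rpc' -Name 'Rpc'
$protocols = (Get-ItemProperty -Path $rpc -Name 'DCOM Protocols' -ErrorAction SilentlyContinue).'DCOM Protocols'
if ($protocols) {
    $remaining = @($protocols | Where-Object { $_ -ne 'ncacn_ip_tcp' })
    Set-ItemProperty -Path $rpc -Name 'DCOM Protocols' -Value $remaining -Type MultiString
}

# 3. Port 445: disable the SMB device (SMBDeviceEnabled = 0, REG_DWORD).
$netbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
Backup-RegistryKey -Key 'HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters' -Name 'NetBT-Parameters'
New-ItemProperty -Path $netbt -Name 'SMBDeviceEnabled' -Value 0 -PropertyType DWord -Force | Out-Null

# Show what was written so it can be verified before the reboot.
[pscustomobject]@{
    EnableDCOM       = (Get-ItemProperty $ole -Name EnableDCOM).EnableDCOM
    DCOMProtocols    = ((Get-ItemProperty $rpc -Name 'DCOM Protocols' -ErrorAction SilentlyContinue).'DCOM Protocols') -join ','
    SMBDeviceEnabled = (Get-ItemProperty $netbt -Name SMBDeviceEnabled).SMBDeviceEnabled
} | Format-List
Write-Host "Reboot for the changes to take effect. Restore with: reg import <file>.reg (files in $BackupDir)"
```

After the reboot, re-run the listening-port inventory (netstat -na) and confirm that 135 and 445 no longer appear in the LISTENING state; the registry values alone are not proof that the sockets are closed.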

(Supplement: to disable ports 137, 138, 139, and 445 all at once, click Start > Control Panel > System > Hardware > Device Manager, click "Show hidden devices" under the View menu, expand "Non-Plug and Play Drivers", find and double-click "NetBios over Tcpip", and in the "NetBios over Tcpip Properties" window, under the General tab, select "Do not use this device (disable)". Click OK and restart.)
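The adapter-property steps for ports 137, 138 and 139 (unchecking "File and Printer Sharing for Microsoft Networks" and "Client for Microsoft Networks", and selecting "Disable NetBIOS over TCP/IP") have a scriptable form. The following is an added example, not part of the original article. It assumes Windows 8 / Server 2012 or later for the NetAdapter cmdlets and an elevated prompt; ms_server and ms_msclient are the standard binding component IDs of the two components named above, and SetTcpipNetbios is the WMI method behind the NetBIOS setting (0 = from DHCP, 1 = enabled, 2 = disabled).

```powershell
# Added example (not part of the original article): PowerShell equivalent of the
# article's steps for ports 137/138/139. Assumes Windows 8 / Server 2012 or later
# (NetAdapter module) and an elevated prompt. Component IDs ms_server ("File and
# Printer Sharing for Microsoft Networks") and ms_msclient ("Client for Microsoft
# Networks") are the standard names of those bindings.

function Disable-SharingBindings {
    # Unbind the sharing (server) and client components from every physical adapter.
    foreach ($adapter in Get-NetAdapter -Physical) {
        foreach ($component in 'ms_server', 'ms_msclient') {
            $binding = Get-NetAdapterBinding -Name $adapter.Name -ComponentID $component -ErrorAction SilentlyContinue
            if ($binding -and $binding.Enabled) {
                Disable-NetAdapterBinding -Name $adapter.Name -ComponentID $component
                Write-Host "Disabled '$($binding.DisplayName)' on $($adapter.Name)"
            }
        }
    }
}

function Disable-NetbiosOverTcpip {
    # TcpipNetbiosOptions: 0 = use DHCP setting, 1 = enabled, 2 = disabled.
    $configs = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($cfg in $configs) {
        if ($cfg.TcpipNetbiosOptions -ne 2) {
            $result = Invoke-CimMethod -InputObject $cfg -MethodName SetTcpipNetbios `
                                       -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
            # ReturnValue 0 = success, 1 = success but a reboot is required.
            Write-Host ("NetBIOS over TCP/IP on '{0}': return code {1}" -f $cfg.Description, $result.ReturnValue)
        }
    }
}

function Get-NetbiosStatus {
    # State after the change; ports 137-139 stop listening only once NetBIOS is
    # disabled on every IP-enabled adapter (and, for some drivers, after a reboot).
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description, TcpipNetbiosOptions,
            @{ n = 'NetBIOS'; e = { @('DHCP default', 'Enabled', 'Disabled')[$_.TcpipNetbiosOptions] } }
}

Disable-SharingBindings
Disable-NetbiosOverTcpip
Get-NetbiosStatus | Format-Table -AutoSize
```

Disabling the ms_server binding removes the machine's shares from the network, and disabling ms_msclient stops it from reaching other Windows shares; apply only the part you need.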

UDP port 1900

On the Control Panel, double-click Administrative Tools > Services and stop the SSDP Discovery Service. Disabling this port helps prevent DDoS attacks. Suggestion: disable.
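Several of the sections above (ports 21, 23, 25, 53, UDP 123, step 3 for port 135, and UDP 1900) come down to the same operation: stop a Windows service and set its startup type to Disabled. The script below is an added example, not part of the original article, that does this in one pass for the services the article names, matched by the display names it gives. It records the previous startup type of each service so the change can be reversed, skips services that are not installed, and requires an elevated prompt. One caveat for the port 53 entry: "DNS Client" is the local resolver cache service; stopping it follows the article's instruction but also turns off DNS caching on that machine.

```powershell
# Added example (not part of the original article): stop and disable the services the
# article says to turn off, matched by the display names the article uses. Records the
# previous startup type so the change can be reversed. Requires an elevated prompt.

$ServiceDisplayNames = @(
    'FTP Publishing Service',                  # port 21
    'Telnet',                                  # port 23
    'Simple Mail Transport Protocol (SMTP)',   # port 25
    'DNS Client',                              # port 53 (per the article; this is the local resolver cache)
    'Windows Time',                            # UDP 123
    'Distributed Transaction Coordinator',     # port 135, step 3 of the article's close method
    'SSDP Discovery'                           # UDP 1900
)

function Disable-NamedService {
    param([string]$DisplayName)
    # Win32_Service carries StartMode on every supported Windows version, so it is
    # used for the before/after state instead of Get-Service's newer StartType property.
    $svc = Get-CimInstance Win32_Service -Filter "DisplayName='$DisplayName'"
    if (-not $svc) {
        return [pscustomobject]@{ Service=$DisplayName; Name='-'; Before='not installed'; After='-' }
    }
    $before = "$($svc.StartMode)/$($svc.State)"
    if ($svc.State -ne 'Stopped') {
        # -Force also stops any services that depend on this one.
        Stop-Service -Name $svc.Name -Force -ErrorAction Stop
    }
    Set-Service -Name $svc.Name -StartupType Disabled
    $after = Get-CimInstance Win32_Service -Filter "Name='$($svc.Name)'"
    [pscustomobject]@{
        Service = $DisplayName
        Name    = $svc.Name
        Before  = $before
        After   = "$($after.StartMode)/$($after.State)"
    }
}

$report = foreach ($name in $ServiceDisplayNames) { Disable-NamedService -DisplayName $name }
$report | Format-Table -AutoSize

# Keep the report next to the change so the previous startup types are not lost.
$reportPath = Join-Path $env:TEMP 'disabled-services.csv'
$report | Export-Csv -Path $reportPath -NoTypeInformation
Write-Host "Previous states saved to $reportPath"
```

To undo a change, read the Before column of the saved report and apply it with Set-Service -StartupType (Automatic or Manual) followed by Start-Service.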

Port 3389

Port 3389 is the port opened by the Windows Remote Management Terminal (Remote Desktop). It is not a Trojan program. Check whether you opened the service yourself; if not, disable it. Note that if this port is enabled and accessed remotely by hackers, your computer will become a "zombie" in their hands. Almost all hackers will implant Trojans on your host, and the consequences can be imagined...

How to disable: My Computer > Properties > Remote, and uncheck "Allow Remote Assistance invitations to be sent from this computer" and "Allow users to connect remotely to this computer".
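The two checkboxes on the Remote tab write registry values, so the same change can be made and verified from PowerShell. The script below is an added example, not part of the original article. fDenyTSConnections (under Terminal Server) and fAllowToGetHelp (under Remote Assistance) are the values behind those two checkboxes; the additional step of disabling the built-in "Remote Desktop" firewall rule group, so that port 3389 stays blocked even if the setting is later flipped back, goes beyond the article and assumes Windows 8 / Server 2012 or later. An elevated prompt is required.

```powershell
# Added example (not part of the original article): registry and firewall equivalent
# of the article's "My Computer > Properties > Remote" steps. fDenyTSConnections and
# fAllowToGetHelp are the values written by the two checkboxes; the "Remote Desktop"
# firewall rule group is the built-in group on Windows 8 / Server 2012 and later.
# Requires an elevated prompt.

$TerminalServer = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RemoteAssist   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

function Get-RemoteAccessState {
    # Reports the policy values together with whether port 3389 is actually
    # listening, so the change is confirmed rather than trusted.
    $listening = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
    $rdpRules  = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RemoteDesktopDenied     = (Get-ItemProperty $TerminalServer -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
        RemoteAssistanceAllowed = (Get-ItemProperty $RemoteAssist -Name fAllowToGetHelp -ErrorAction SilentlyContinue).fAllowToGetHelp
        FirewallRulesEnabled    = @($rdpRules | Where-Object { $_.Enabled -eq 'True' }).Count
        Port3389Listening       = $listening
    }
}

function Disable-RemoteAccess {
    # fDenyTSConnections = 1 denies Remote Desktop connections;
    # fAllowToGetHelp = 0 turns off Remote Assistance invitations.
    Set-ItemProperty -Path $TerminalServer -Name fDenyTSConnections -Value 1 -Type DWord
    Set-ItemProperty -Path $RemoteAssist   -Name fAllowToGetHelp    -Value 0 -Type DWord
    # Also disable the inbound firewall rules for Remote Desktop, so port 3389 stays
    # blocked at the host firewall if the checkbox is ever re-enabled.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
}

Write-Host 'Before:'; Get-RemoteAccessState | Format-List
Disable-RemoteAccess
Write-Host 'After:';  Get-RemoteAccessState | Format-List
```

The Remote Desktop service itself may keep its socket open until the next reboot or service restart, which is why Port3389Listening is reported separately from the policy values.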
